From 089d8908b172a2741a2663ccf872f63feb79aae7 Mon Sep 17 00:00:00 2001
From: AnsibleGuy
Date: Tue, 10 Oct 2023 20:02:44 +0200
Subject: [PATCH] disabled bash-completion by default, fix for log-prefix
---
README.md | 4 ++--
defaults/main/0_hardcoded.yml | 2 +-
defaults/main/1_main.yml | 3 ++-
templates/etc/nftables.d/table.nft.j2 | 2 +-
4 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index ce30286..83db777 100644
--- a/README.md
+++ b/README.md
@@ -52,7 +52,7 @@ nftables:
# sets: true
# nat: true
# deb11_backport: false # use debian11 backports repository to install newer version on debian 10
- # bash_completion: true
+ # bash_completion: false
_defaults: # defaults inherited by all tables and chains
table:
@@ -210,10 +210,10 @@ ansible-playbook -K -D -i inventory/hosts.yml playbook.yml -e debug=yes
* **Default opt-ins**:
* Purging of unmanaged config-files stored in '/etc/nftables.d/'
- * Adding [bash-completion script](https://patchwork.ozlabs.org/project/netfilter-devel/patch/1454691182-6573-1-git-send-email-giuseppelng@gmail.com/) for the 'nft' command
* **Default opt-outs**:
* Installing NFTables from Debian 11 backports when running on Debian 10 (_newer version_)
+ * Adding [bash-completion script](https://patchwork.ozlabs.org/project/netfilter-devel/patch/1454691182-6573-1-git-send-email-giuseppelng@gmail.com/) for the 'nft' command
----
diff --git a/defaults/main/0_hardcoded.yml b/defaults/main/0_hardcoded.yml
index f0b6a49..35393e4 100644
--- a/defaults/main/0_hardcoded.yml
+++ b/defaults/main/0_hardcoded.yml
@@ -122,6 +122,6 @@ NFT_HC:
# add generic drop logging to any rule that drops packages
drop_log: true
- drop_log_prefix: 'DROP'
+ drop_log_prefix: "{{ NFT_CONFIG.log_drop_prefix }}"
raw_key: ['raw', 'r']
diff --git a/defaults/main/1_main.yml b/defaults/main/1_main.yml
index fabc600..c84bb8b 100644
--- a/defaults/main/1_main.yml
+++ b/defaults/main/1_main.yml
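Review bot: The key kept in NFT_HC in defaults/main/0_hardcoded.yml is `drop_log_prefix`, while the user-facing setting it now reads is `log_drop_prefix` (defaults/main/1_main.yml), so the same value goes by two mirror-image names and the "hardcoded" defaults file now depends on NFT_CONFIG being resolvable. A comment on the new line would make the indirection explicit, e.g. `drop_log_prefix: "{{ NFT_CONFIG.log_drop_prefix }}"  # mirrors the user setting 'log_drop_prefix'; kept for consumers of NFT_HC.drop_log_prefix`. Whether anything still reads NFT_HC.drop_log_prefix is not visible in this patch; if the template is its only consumer, the NFT_HC entry could be dropped rather than aliased. The NFT_HC mapping starts outside the hunk.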
@@ -8,7 +8,7 @@ defaults_nftables:
sets: true
nat: true
deb11_backport: false
- bash_completion: true
+ bash_completion: false
_defaults:
table: {}
@@ -23,6 +23,7 @@ defaults_nftables:
vars: {} # vars shared by all tables
purge_orphaned: true # purge all unmanaged files from /etc/nftables.d/
+ log_drop_prefix: 'NFTables DROP'
log_group: '' # set to '0' for container workaround => send logs to local ulogd2 daemon
ext: 'nft' # extension used for nftables config-files
diff --git a/templates/etc/nftables.d/table.nft.j2 b/templates/etc/nftables.d/table.nft.j2
index 63841e2..f916078 100644
--- a/templates/etc/nftables.d/table.nft.j2
+++ b/templates/etc/nftables.d/table.nft.j2
@@ -28,7 +28,7 @@ table {{ nft_table.type }} {{ nft_table_name }} {
counter comment "COUNT {{ nft_table_name }}-{{ chain_name }}{% if chain_main %}-{{ chain.policy }}{% endif %}"
{% endif %}
{% if chain_main and chain.log.drop and chain.policy == 'drop' %}
- log prefix "DROP {{ nft_table_name }}-{% if chain.log.prefix %}{{ chain.log.prefix }}{% else %}{{ chain_name }}{% endif %} "
+ log prefix "{{ NFT_CONFIG.log_drop_prefix }} {{ nft_table_name }}-{% if chain.log.prefix %}{{ chain.log.prefix }}{% else %}{{ chain_name }}{% endif %} "
{% endif %}
}
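Review bot: In templates/etc/nftables.d/table.nft.j2 the new `{{ NFT_CONFIG.log_drop_prefix }}` is written verbatim inside the double-quoted nft `log prefix` string, so a value containing `"` or a newline breaks the rendered ruleset or changes its meaning, and nothing in the patch constrains the value. The kernel caps log prefixes (NF_LOG_PREFIXLEN, 128 bytes) and, to my knowledge, recent nft rejects longer ones at load time; the longer default `'NFTables DROP'` plus `<table>-<chain> ` eats into that budget, so a generous user value can make the whole table fail to load. I'd validate the value early in the role with an `assert` (a conservative pattern such as `^[A-Za-z0-9 _:-]+$` plus a length bound) and document the constraint on the default added in defaults/main/1_main.yml, e.g. `log_drop_prefix: 'NFTables DROP'  # plain text only (no quotes/newlines); nft limits the complete prefix length`. The enclosing chain block in the template starts outside the hunk.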